Cloud Backup supports network isolation to help secure access between resources.
RAM policies based on users
Resource Access Management (RAM) is a resource access control service provided by Alibaba Cloud. By configuring RAM policies, you can manage users such as employees, systems, or applications, and control which resources they can access.
A RAM policy is in JSON format. You configure a RAM policy by specifying the Action, Effect, Resource, and Condition elements in statements. A single policy can contain multiple statements for flexible authorization management. For more information, see RAM overview.
Temporary access authorization based on STS
RAM policies manage long-term access permissions. To grant time-limited access, use Security Token Service (STS) to create temporary credentials. Temporary credentials consist of an AccessKey pair and a security token. You can obtain them from environment variables by using STS SDKs and distribute them to temporary users who need to access Cloud Backup. Because STS credentials are restricted in scope and duration, credential leaks pose lower risks than leaks of long-term credentials.
STS lets you grant temporary credentials with a custom validity period and custom permissions to a third-party application or a RAM user managed by you, enabling controlled access to Cloud Backup.